Earlier today, MSUFCU was notified that some members had received a notice on their web browser that their MSUFCU account login credentials may have been compromised as part of other large-scale security breaches. The notice also asks users to visit another website to check their credit. Should you receive this malware notice, we recommend not clicking any links and closing your browser immediately.

Please rest assured that if you receive this notice on your web browser, MSUFCU's systems remain secure. The message is tied to malware and does not reflect any threat to your account or MSUFCU's system.

While there is no threat to MSUFCU's system, we’d like to remind our members to be diligent in regularly monitoring their MSUFCU accounts to help detect any suspicious activity. There are many monitoring options available for MSUFCU members

MSUFCU recently became aware of a data breach that took place at Staples. Scroll down to read the latest updates from MSUFCU.

Since learning about the compromise, MSUFCU has been closely monitoring our members’ card activity and we would like to ensure you that we are taking all necessary precautions to ensure the security of our members' financial information.

December 19, 2014 – Staples Data Breach:
MSUFCU became aware of another data breach, this time occurring at Staples.113 store locations were affected, 1 of which is in Grosse Point, Michigan, between the dates July 20 and September 16, 2014. ﻿﻿Staples noted in a statement Friday that data accessed by the cybercriminals through the malware on the POS systems included cardholder names, payment card numbers, expiration dates, and card verification codes.

Staples has set up a section of their website to address the recent data breach, which you can read by clicking here.

Steps You Can Take to Protect Your Account
Members who believe they may be affected by the compromises listed above are encouraged to contact MSUFCU as soon as possible:

Our representatives are available to assist members in taking the necessary precautions to protect their accounts. Members who experience fraud on their MSUFCU account as a result of the Staples data breach will not be held liable due to Visa’s zero fraud liability protection.

We’d like to remind our members to be diligent in regularly monitoring their MSUFCU accounts to help detect any suspicious activity. There are many monitoring options available for MSUFCU members

A widespread programming vulnerability known as "Shellshock" or "Bash Bug" was made public this week. This vulnerability lies within Linux and Unix based systems and could allow a hacker to take control of a computer operating system/device in its entirety. It does not impact Microsoft Windows users.

What We Are Doing
Upon hearing of Shellshock/Bash Bug, MSUFCU's IT department took immediate action to scan and patch all of our systems and servers to ensure that we are secure. MSUFCU's website and all account access avenues (ComputerLine, MoneyLine, Green on the Go mobile banking, as well as the MSUFCU Mobile app) remain secure for use. Read more about our online security.

What You Can Do
While there is not much proactive action the average computer user can take to protect themselves against Shellshock/Bash Bug at this time, we would like to remind users to regularly install security updates or patches as they become available. It is important to install these updates regularly to ensure that your computer is protected. It is highly recommended to not click on links within emails from unfamiliar senders.

Please do not hesitate to contact us with any questions or concerns, we are happy to assist you.

MSUFCU recently became aware of multiple data breaches that took place at two nationwide retailers, The Home Depot and Jimmy John's Gourmet Sandwiches. Scroll down to read the latest updates from MSUFCU.

Since learning about the compromises, MSUFCU has been closely monitoring our members’ card activity and we would like to ensure you that we are taking all necessary precautions to ensure the security of our members' financial information.

September 25, 2014 – Jimmy John's Gourmet Sandwiches Data Breach:
MSUFCU became aware of another data breach, this time occuring at Jimmy John's Gourmet Sandwiches.216 store locations were affected, 18 of which are in Michigan (including two East Lansing locations), between the dates June 16 and September 5, 2014. The company believes the compromise occured after malware was installed at franchise and corporate point-of-sale systems.

Jimmy John's has set up a section of their website to address the recent data breach, which you can read by clicking here.

September 23, 2014 – Home Depot Data Breach
MSUFCU was recently informed of a data breach of Home Depot’s payment systems that affects individuals who made in-store and online purchases with their credit and debit cards between the dates of April 11 and September 7, 2014.

Home Depot has set up a section on their website to address the data breach that occured in their system; you may read it by clicking here.

Steps You Can Take to Protect Your Account
Members who believe they may be affected by the compromises listed above are encouraged to contact MSUFCU as soon as possible:

Our representatives are available to assist members in taking the necessary precautions to protect their accounts. Members who experience fraud on their MSUFCU account as a result of the Home Depot and Jimmy John's data breaches will not be held liable due to Visa’s zero fraud liability protection.

We’d like to remind our members to be diligent in regularly monitoring their MSUFCU accounts to help detect any suspicious activity. There are many monitoring options available for MSUFCU members

MSUFCU was notified of a data breach at Michaels Craft Stores between May 8, 2013, and January 27, 2014. The company’s statement says the attack on Michaels targeted a limited portion of the point-of-sale systems at a varying number of stores during that time. The affected systems contained certain payment card information, such as card number and expiration date, for both Michaels and Aaron Brothers customers. There is no evidence that other customer personal information, such as name, address, or PIN, is at risk in connection with this issue. MSUFCU is working to determine the impact this will have on our membership. Account security is a top priority for MSUFCU and we are taking every precaution to ensure our members’ financial security.

If you believe your card/account was affected by the compromise, we encourage you to contact MSUFCU as soon as possible:

​We are here to assist members in taking the necessary precautions to protect their accounts. MSUFCU members who experience fraud on their MSUFCU account will not be held liable due to Visa’s zero fraud liability protection, as long as it is reported to us as soon as possible.

We’d like to remind our members to be diligent in regularly monitoring their accounts.

Should you see any suspicious transactions or preauthorizations on your MSUFCU account, please contact us immediately so that we can take the necessary precautions to protect your account.

We also recommend to periodically review your credit report and report inaccuracies or possible fraud. You may order a copy of your credit report each year from one of the major credit bureaus at www.annualcreditreport.com.

On Tuesday, April 8, a serious website vulnerability was made public and has been widely discussed in news and social media outlets. The vulnerability, named the "Heartbleed bug," is a defect in the commonly used cryptographic software library called OpenSSL. The OpenSSL software library provides SSL/TLS encryption for many web services (like retail/business websites, social websites, email, etc.) and is used by companies all around the world. The vulnerability that was found allows an attacker to read the memory for systems that, under normal conditions, are protected by the SSL/TLS encryption. Reading the memory in this way means that an attacker could be able to see any sensitive web communication traffic including private key information (a password-like piece of information used for encryption) and username and password credentials.

MSUFCU's Response to Heartbleed
We became aware of this issue shortly after its posting online and we immediately took action to patch the vulnerability for all of our affected servers. We have replaced the SSL encryption certificates for all servers that had the affected version of OpenSSL. Since most of our affected systems did not capture member login information, we have determined that the potential exposure is minimal.

MSUFCU's website is no longer vulnerable to the Heartbleed bug and continues to provide secure online services to our membership.

Should you have questions or further concerns, please do not hesitate to contact MSUFCU. We are happy to assist you.